Sender Authentication part 1: The basics of sending email

This is my first post in my series on email authentication. In order to understand how to authenticate the sender of an email, we need to understand how email works.

I remember back in my 4th year of university when we learned how to send "fake" email. The basic idea behind this was that we could send email to whoever we wanted to and specify any return address we wanted, even a domain that didn't exist. So, I sent a few fake messages to friends of mine. At the time, it never occurred to me that ethically-challenged people could seriously exploit this for nefarious purposes.

In this post and the next one, I am going to summarize the information found on this page from stopspam.org (i.e., most of this material was not originally written by me). That's a very good web page that provides a coherent overview of email headers. If you're like most internet users (including myself) and rarely bother clicking links, then read on.

To begin with, let's try to understand how email gets from point A to point B. Email travels through connections called ports. To keep track of all the different connections, the ports are numbered. Port 25 is the one that is used to transmit and receive email. When a computer attempts to transmit email, it opens a connection to port 25 and attempts to transmit using the Simple Mail Transfer Protocol, or SMTP.

This whole transaction depends on five commands which constitute the core of SMTP: HELO, MAIL FROM, RCPT TO, DATA, and QUIT.

HELO identifies the sending machine. "HELO mail.tzink.com" should be read as "Hello, I'm mail.tzink.com". However, the sender does not necessarily have to tell the truth; in fact, nothing prevents the sender from saying "Hello, I'm bonjour.hola.guten-tag" or "Hello, I'm woozle.wozzle.gov", or even "Hello, i.am.not.configured.properly". However, in most circumstances, the receiver has some tools with which to discover this and find out the sending machine's real identity.

MAIL FROM is the command that initiates the mail processing. It means "I have mail to deliver from so-and-so". The address that is specified becomes the envelope From, also called the envelope sender, and it does not need to be the same as the sender's own address! This apparent security hole is inevitable (after all, the receiving machine doesn't know anything about who has what username on the sending machine), but in certain circumstances it turns out to be a useful feature.

RCPT TO is the flip-side to MAIL FROM; it specifies the intended recipient of the message. One piece of mail can be sent to multiple recipients by including multiple RCPT TO commands. The specified address becomes the envelope To, which is also referred to as the envelope recipient. It is this recipient that determines who the mail will be delivered to, regardless of what the To: line in the message says.

DATA starts the actual mail entry. Everything entered after a DATA command is considered to be part of the message and there are no restrictions on its form. Lines at the beginning of the message (before the first blank line) that start with a single word and a colon are considered to be headers by most mail programs. A line consisting only of a period terminates the message.

QUIT terminates the connection.

Below is an example mail conversation between the sending domain, tzink.net, and the recipient domain, tzink-is-awesome.com. The commands in bold are the transmitting machine while the ones in normal text are the recipient machine.
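The five commands described above, as an added example that is not part of the original post: a constructed session between tzink.net and tzink-is-awesome.com is parsed into the HELO name, the envelope sender and recipients, and the From:/To: headers, then the envelope is compared with the headers the way a receiving system could. The host names, mailbox names, the `C:`/`S:` prefixes (transmitting machine and recipient machine) and the function names are assumptions made for illustration.

```python
import re

# Constructed transcript (sample data): "C:" = transmitting machine, "S:" = receiver.
SESSION = """\
C: HELO mail.tzink.net
S: 250 mail.tzink-is-awesome.com
C: MAIL FROM:<bounces@tzink.net>
S: 250 OK
C: RCPT TO:<alice@tzink-is-awesome.com>
S: 250 OK
C: RCPT TO:<bob@tzink-is-awesome.com>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: Support <support@example.org>
C: To: alice@tzink-is-awesome.com
C:
C: Note: this body line looks like a header but is not one.
C: .
S: 250 OK
C: QUIT
"""

def parse_session(text):
    env = {"helo": None, "mail_from": None, "rcpt_to": [], "headers": {}}
    state = "cmd"                                # cmd -> headers -> body -> cmd
    for line in (row[2:].strip() for row in text.splitlines() if row.startswith("C:")):
        m = re.match(r"(HELO|MAIL FROM:|RCPT TO:|DATA)\s*(.*)", line, re.I)
        if state == "cmd" and m:
            verb, arg = m.group(1).upper(), m.group(2).strip("<> ")
            if verb == "DATA":
                state = "headers"
            elif verb == "RCPT TO:":
                env["rcpt_to"].append(arg)       # one entry per RCPT TO command
            else:
                env["helo" if verb == "HELO" else "mail_from"] = arg
        elif line == ".":
            state = "cmd"                        # a lone period ends the message
        elif state == "headers" and (h := re.match(r"([\w-]+):\s*(.*)", line)):
            env["headers"][h.group(1).lower()] = h.group(2)
        elif state == "headers":
            state = "body"                       # first blank line ends the headers
    return env

def mismatches(env):                             # envelope claims vs. displayed headers
    def dom(addr):
        return (addr or "").rsplit("@", 1)[-1].strip("> ").lower()
    hdr = env["headers"]
    return {"from_differs": dom(env["mail_from"]) != dom(hdr.get("from")),
            "unlisted_rcpts": [r for r in env["rcpt_to"] if r not in hdr.get("to", "")]}
```

Here the message is delivered to both envelope recipients although the To: header names only one, and the From: header shows a domain the envelope sender never mentioned.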

I think the subject of this blog entry is mail transfer commands rather than headers? You only mentioned the headers a bit in order to mention that they don't have to match the commands.

Prior to TCP-IP e-mail (using TCP port 25), there was UUCP e-mail (using serial links). In some systems the uucp account lives on even though they don't use it any more. If I recall correctly, when AOL connected to the internet, AOL didn't know about the old UUCP method, so they let some human get an account named uucp. He got all kinds of interesting mail, most of which wasn't intended for him.